Option A is the best answer because CHFI v11 explicitly includes Viewing Log Messages in Mac , Collecting and Analyzing macOS Artifacts , and MAC Forensics Data, Log Files, and Directories as operating-system forensic objectives. In practical Mac investigations, reviewing logs through the Terminal and examining relevant files in locations such as /var/log is the most direct and native method among the choices provided.

Option B is incorrect because Event Viewer is a Windows tool, not a macOS mechanism. Option D is unrelated to native Mac log examination. Option C may be useful in some investigations, but the question asks for the most effective method for viewing log messages on Mac devices , and the CHFI blueprint specifically highlights Mac log-message viewing and artifact analysis rather than requiring third-party tooling as the primary answer.

Therefore, under CHFI macOS forensic objectives, the correct response is to use the Mac’s native logging environment through Terminal and inspect relevant log files such as system.log and related artifacts.